Your message dated Sat, 28 Aug 2021 11:53:01 +0000
with message-id <[email protected]>
and subject line Bug#993046: fixed in libssh 0.9.6-1
has caused the Debian Bug report #993046,
regarding libssh: CVE-2021-3634
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
993046: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993046
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libssh
Version: 0.9.5-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for libssh.
CVE-2021-3634[0]:
| Possible heap-buffer overflow when rekeying
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-3634
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3634
[1] https://www.libssh.org/security/advisories/CVE-2021-3634.txt
[2]
https://git.libssh.org/projects/libssh.git/commit/?id=d3060bc84ed4e160082e819b4d404f76df7c8063
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libssh
Source-Version: 0.9.6-1
Done: Martin Pitt <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libssh, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Martin Pitt <[email protected]> (supplier of updated libssh package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 28 Aug 2021 12:51:05 +0200
Source: libssh
Architecture: source
Version: 0.9.6-1
Distribution: unstable
Urgency: medium
Maintainer: Laurent Bigonville <[email protected]>
Changed-By: Martin Pitt <[email protected]>
Closes: 993046
Changes:
libssh (0.9.6-1) unstable; urgency=medium
.
* New upstream version 0.9.6:
- Fix possible heap-buffer overflow when rekeying with different key
exchange mechanism (Closes: #993046, CVE-2021-3634)
* Refresh 2004-install-static-lib.patch for new upstream version
* Bump Standards-Version to 4.6.0. No changes necessary.
* debian/control: Declare Rules-Requires-Root: no
Checksums-Sha1:
7e5ed2d52e88841f56495dd13860f85c49515556 2688 libssh_0.9.6-1.dsc
1b2dd673b58e1eaf20fde45cd8de2197cfab2f78 1053056 libssh_0.9.6.orig.tar.xz
ff02baec3f573a4511560562cea8863ec8936dd4 833 libssh_0.9.6.orig.tar.xz.asc
8e017cc38c11800638a9ff5b094e9ae031d602e2 27180 libssh_0.9.6-1.debian.tar.xz
d0a3080f2a96efff576bedb57ca77d3655204e93 6311 libssh_0.9.6-1_source.buildinfo
Checksums-Sha256:
b27e96fc732892922382d5c25ea76dbc11142ea62419355401053a5694d7685a 2688
libssh_0.9.6-1.dsc
86bcf885bd9b80466fe0e05453c58b877df61afa8ba947a58c356d7f0fab829b 1053056
libssh_0.9.6.orig.tar.xz
050d4e532a614c20b4830ebc210bb28acee2ed458e694c8aedfe2ab152688298 833
libssh_0.9.6.orig.tar.xz.asc
37a80eb53d5258abbdabccb498acfb182a9cec6d8d84a5ea2ac03f410db45022 27180
libssh_0.9.6-1.debian.tar.xz
f4ed7d128a840ef79c46680709d00461660988a1089dae82b795085d9419ea85 6311
libssh_0.9.6-1_source.buildinfo
Files:
0b09b39b008d769768f5bb430b3f500b 2688 libs optional libssh_0.9.6-1.dsc
0174df377361221a31a9576afbaba330 1053056 libs optional libssh_0.9.6.orig.tar.xz
34acbb47081deb0d73d4ec617d960520 833 libs optional libssh_0.9.6.orig.tar.xz.asc
4ff8251e547af6e6b89f73554d22b646 27180 libs optional
libssh_0.9.6-1.debian.tar.xz
100d192c0030fd419245c7a64c5d8e1c 6311 libs optional
libssh_0.9.6-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEPbRrVe+lnUDmIyFI0U7xXa/hE0cFAmEqFUcACgkQ0U7xXa/h
E0eZMQ/+MuE7YGvsCnYgI85zKfN9czxcFuByloH4v0EQ/vrEMexMnxAP7YwjFv4G
TujTprx1GOG31j8UfyEsvLFv3QWNqnNjBlMrp5h6C3Z1hvV7zvRl6oQBcjD4fNDj
TX4j+M78a7ZlmkWTxEqKj0aOhOvFzt0JKDeLnNfU783X39CrSQqPdMgKqBtFc6E7
t1VnBO1S7xXRa4I/qKGPk810jc4oW/g7nVJ2lrE9sn6HdCj6jfne+4YqIc/gpBnT
RVq4jLc8vx01uZ+f8be9qnrERzjUvBNoLyLuaduqECs5xT5CMIM6W2j/S1bT1mDs
R6Kyvzwxz4Vq8BUE4TQzgE6Cc37a2vim4jxtBMCB4eNnfW1regetKu6b/fvaN6Lz
LKLzpoGbd3KwEF2V5BUVCpvl14z8vHyp+G/xpeKD/uPc/RV6pWOzpQXLMOQ/UlpY
2o6GKjLjnxqvBv2jFQgM57WJtRFue/hgR5n1dgecW0UekCPQhvaQ7ZaIkXisYO9K
anL78FV2DqkD3UIt+Idm4iT2P8OjdJaQC9Zx03JTc7mkfJWAAs1URvrvEPxyPEu9
kYwzi8ORMSRz2URs0MiOVTzcyANJ1yzVk4wI2gkSS//Eh8p/OAbpk62YlTbBrJos
j65N74VCZ2Bai5wUM5pSDAIHvXMoQLvLYLZhrnHdssky5uZjkD0=
=Csfw
-----END PGP SIGNATURE-----
--- End Message ---